Export limit exceeded: 45554 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45554 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4918 | 1 Ibm | 1 Guardium Data Protection | 2026-04-23 | 5.5 Medium |
| IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2008-6097 | 1 Wikyblog | 1 Wikyblog | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before 1.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to index.php/Special/Main/keywordSearch, (2) revNum parameter to index.php/Edit/Main/Home, (3) to parameter to index.php/Special/Main/WhatLinksHere, (4) user parameter to index.php/Special/Main/UserEdits, and (5) the PATH_INFO to index.php. | ||||
| CVE-2009-3010 | 1 Mozilla | 3 Firefox, Mozilla, Seamonkey | 2026-04-23 | N/A |
| Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site. | ||||
| CVE-2007-6608 | 1 Openbiblio | 1 Openbiblio | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OpenBiblio 0.5.2-pre4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) LAST and (2) FIRST parameters to admin/staff_del_confirm.php, (3) the name parameter to admin/theme_del_confirm.php, or (4) the themeName parameter to admin/theme_preview.php. | ||||
| CVE-2008-7220 | 2 Debian, Prototypejs | 2 Debian Linux, Prototype | 2026-04-23 | N/A |
| Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors. | ||||
| CVE-2008-1175 | 1 Flicks Software | 1 Authentix | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter to aspAdmin/deleteUser.asp, a different vector than CVE-2008-1174. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-0273 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism. | ||||
| CVE-2007-2401 | 1 Apple | 3 Iphone Os, Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks. | ||||
| CVE-2008-1399 | 1 Clansphere | 1 Clansphere | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Clansphere 2008 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-1428 | 1 Drupal | 1 Ubercart Module | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-beta7 module for Drupal allow remote attackers to inject arbitrary web script or HTML via a text attribute value for a product. | ||||
| CVE-2008-1432 | 1 Manageengine | 1 Supportcenter Plus | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-2115 | 1 Scriptsez | 1 Power Editor | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) te and (2) dir parameters in a tempedit action. | ||||
| CVE-2009-0699 | 1 Plunet | 1 Business Manager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in pagesUTF8/auftrag_allgemeinauftrag.jsp in Plunet BusinessManager 4.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the (1) QUB and (2) Bez74 parameters. | ||||
| CVE-2009-0710 | 1 Vlad Alexa Mancini | 1 Phpfootball | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPFootball 1.6 allow remote attackers to inject arbitrary web script or HTML via (1) the user parameter to login.php or (2) the dbfield parameter to filter.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-0526 | 1 Adaptcms | 1 Adaptcms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdaptCMS Lite 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) url and (2) acuparam parameters, and (3) the URI. | ||||
| CVE-2009-3509 | 1 Cj-design | 1 Cj Dynamic Poll | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/admin_index.php in CJ Dynamic Poll PRO 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | ||||
| CVE-2009-0455 | 1 Glfusion | 1 Glfusion | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the anonymous comments feature in lib-comment.php in glFusion 1.1.0, 1.1.1, and earlier versions allows remote attackers to inject arbitrary web script or HTML via the username parameter to comment.php. | ||||
| CVE-2008-1209 | 1 Xitex | 1 Xitex Webcontent M1 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in redirect.do in Xitex WebContent M1 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-0496 | 1 Ignite Realtime | 1 Openfire | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) log parameter to (a) logviewer.jsp and (b) log.jsp; (2) search parameter to (c) group-summary.jsp; (3) username parameter to (d) user-properties.jsp; (4) logDir, (5) maxTotalSize, (6) maxFileSize, (7) maxDays, and (8) logTimeout parameters to (e) audit-policy.jsp; (9) propName parameter to (f) server-properties.jsp; and the (10) roomconfig_roomname and (11) roomconfig_roomdesc parameters to (g) muc-room-edit-form.jsp. NOTE: this can be leveraged for arbitrary code execution by using XSS to upload a malicious plugin. | ||||
| CVE-2009-1228 | 1 Arcadwy | 1 Arcadwy Arcade Script Cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in register.php in Arcadwy Arcade Script CMS allows remote attackers to inject arbitrary web script or HTML via the username field (user_name parameter). | ||||